Nibbles and Bits
PricingHow It WorksRisk CheckSwitch to UsFAQSign InGet a Quote

Privacy Policy

Version 2026-04-17 · Effective April 17, 2026

Nibbles and Bits, LLC ("Nibbles and Bits", "we", "us", or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using our platform (the "Services"), you agree to the practices described here and in our Terms of Service.

1. Scope

This Policy applies to information we collect through the Services, our website, emails and support channels, and any related integrations. It does not apply to third-party sites, tools, or services we link to or integrate with — those operate under their own privacy policies.

2. Information We Collect

We collect the following categories of information:

  • Account information — name, business name, email, authentication identifiers, and role within your business.
  • Venue information — venue name, address, occupancy, seating, square footage, speaker and TV counts, music types, hours of music, admission and dance-floor status, ABC license number, and supporting documentation you upload.
  • Payment information — billing name, billing address, and payment method metadata. Full card details are transmitted to and stored by Stripe; we never receive or store full card numbers.
  • Transactional and compliance records — agreements, signed acceptances (including TOS version, timestamp, IP address, and user agent captured for audit), PRO license status, payment history, compliance certificates, and support correspondence.
  • Device and usage data — IP address, browser type, device type, operating system, pages viewed, actions taken, referring URL, and timestamps. Collected automatically via server logs.
  • Communications — any message you send us through the portal, email, or phone.

We do not knowingly collect special categories of sensitive personal information (health, biometric, precise geolocation, etc.) and you should not submit such information to the Services.

3. Sources of Information

We collect information directly from you, automatically as you use the Services, and from third parties, including: Google (OAuth authentication), Google Places (venue enrichment), Stripe (payment status), BoldSign (e-signature status), PROs (license issuance and audit correspondence), and publicly available business records (ABC licensing, occupancy listings).

4. How We Use Your Information

We use the information we collect to:

  • Calculate PRO licensing quotes and consolidate fee payments;
  • Procure, renew, and maintain PRO licenses on your behalf;
  • Create, authenticate, and support your account;
  • Process payments, send dunning notices, and resolve billing issues;
  • Send renewal reminders, compliance alerts, and service announcements;
  • Maintain audit trails sufficient to defend against disputes, PRO audits, or regulatory inquiries;
  • Detect, prevent, and investigate fraud, security incidents, and unlawful activity;
  • Comply with legal obligations and enforce our agreements; and
  • Improve and develop the Services in aggregate, de-identified form.

5. Sharing With Performing Rights Organizations

A core function of the Services is to share your Venue Information with ASCAP, BMI, SESAC, GMR, and — where applicable — their successors, affiliates, or authorized administrators. This sharing is required to procure licenses and to respond to PRO audits or rate adjustments. By using the Services, you authorize this disclosure. Each PRO processes the data it receives under its own privacy practices, which we do not control.

6. Sharing With Third-Party Service Providers

We share information with vendors who provide services on our behalf, including:

  • Stripe — payment processing and billing portal.
  • Supabase — database hosting and authentication.
  • Vercel — application hosting and serverless functions.
  • BoldSign — electronic signature collection.
  • Resend — transactional and marketing email delivery.
  • Google — OAuth authentication and Places enrichment.

Each provider is contractually obligated to process your information solely for the purposes we specify and consistent with applicable law.

7. Other Disclosures

We may also disclose information:

  • To comply with law, legal process, or valid government request;
  • To enforce these Terms of Service or protect our rights, property, or safety (or those of our users or the public);
  • In connection with a merger, acquisition, financing, or sale of all or part of our business, subject to reasonable confidentiality protections; and
  • With your consent or at your direction.

We do not sell your personal information in the ordinary sense, and we do not share personal information for cross-context behavioral advertising.

8. Data Retention

We retain your information for as long as your account is active and for the period required to provide the Services, comply with our legal and tax obligations, resolve disputes, enforce our agreements, and maintain audit records defensible in the event of a PRO audit (typically at least seven years after the last active period). We may retain de-identified aggregate data indefinitely.

9. Your Rights and Choices

Subject to applicable law, you have the right to:

  • Access a copy of the personal information we hold about you;
  • Correct inaccurate information;
  • Delete personal information, subject to our retention obligations;
  • Export your information in a portable format;
  • Object to or restrict certain processing;
  • Withdraw consent where processing is based on consent; and
  • Opt out of marketing emails via the unsubscribe link or by contacting us.

To exercise these rights, contact us at the address below. We may need to verify your identity and may decline requests that conflict with our legal obligations or that would compromise the privacy or security of others.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the rights listed in Section 9 plus the right to:

  • Know the categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it (all disclosed in Sections 2–7 above);
  • Request deletion of your personal information (subject to exceptions, including our retention obligations for PRO audit records);
  • Correct inaccurate personal information;
  • Limit the use and disclosure of sensitive personal information — though, as noted, we do not knowingly collect sensitive personal information; and
  • Not be subjected to unlawful discrimination for exercising these rights.

We do not sell or share personal information as those terms are defined by the CCPA/CPRA. You may submit a rights request by emailing us at the address below. Authorized agents may submit requests on your behalf with appropriate documentation.

11. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include encrypted transit (HTTPS/TLS), database row-level security, scoped API access, and least-privilege internal access controls. No security measure is perfect; we cannot guarantee absolute security.

12. Cookies and Tracking

We use only essential cookies required for authentication and session management. We do not use advertising cookies or cross-site tracking technologies. Your browser may allow you to refuse cookies, but doing so may prevent parts of the Services from functioning.

13. Children's Privacy

The Services are intended for business users and are not directed to children under 18. We do not knowingly collect information from children under 18. If you believe a child has provided information to us, contact us and we will delete it.

14. International Data Transfers

We are based in the United States. If you access the Services from outside the United States, your information may be transferred to, processed in, and stored in the United States, where privacy laws may differ from those of your jurisdiction. By using the Services, you consent to such transfer and processing.

15. Changes to This Policy

We may update this Policy from time to time. When we do, we will post the updated version at this URL and revise the "Version" above. Material changes will be communicated through the portal or by email. Your continued use of the Services after the effective date of an update constitutes acceptance.

16. Contact

Questions, requests, or complaints regarding this Policy should be directed to:

Nibbles and Bits, LLC
conor@nibblesandbits.com

Version 2026-04-17. By continuing to use the Services you acknowledge that you have read and understood this Privacy Policy.

Nibbles and Bits

All four music licenses (ASCAP, BMI, SESAC, GMR) in one monthly payment. We pay the PROs. You pour drinks.

Product

  • Pricing
  • How It Works
  • Get a Quote
  • Risk Check

Resources

  • Risk Check
  • Already paying? Switch to us
  • FAQ
  • Contact
  • Client Portal

Legal

  • Privacy Policy
  • Terms of Service

Serving Northern California — Sacramento, Bay Area, Wine Country, Tahoe